By Janoi Watson
Cybersecurity awareness needs to be made a priority, not just for personal usage but also for businesses. Every business is at risk of a cyber-attack. In 2018, it was reported that nearly 70% of businesses had experienced some form of a cybersecurity attack. Further mayhem was added by the claim that 60% of small businesses will close within six months of a major cyber-attack. But the real question is, are criminals getting smarter or are we not keeping ourselves educated?
Major cyber threats for 2019 onwards are listed as IoT based cyber-attacks, cloud-based attacks, ransomware, and phishing. IoT-based cyberattacks in 2017 increased by 600% alone. Microsoft reported that in 2017 cloud-based attacks have been amplified by 300%. As flexible and cost-effective as cloud-based solutions are, they have also made it so that many networks are more vulnerable to attack. You need to protect against cloud-based attacks by deploying next-generation solutions designed for the cloud, as the cloud cannot be protected with simply re-purposing traditional on-premises perimeter security tools.
Barkley Team estimates that ransomware will cost businesses $11.5 billion a year in 2019. Ransomware remains one of the most dangerous types of attacks, encrypting data and demanding a ransom for the data to be released. Cryptocurrency has made ransomware more effective, as often these ransoms are nearly entirely untraceable.
Phishing has continuously been a threat, however from 2017 to present it has grown to 65%. Social engineering attempts remain some of the hardest to protect against, as an employee could become vulnerable to them in a careless moment. Phishing attempts can lead to compromised credentials, which in turn can lead to data being breached.
In 2017, cyber-attacks on organisations cost the UK economy £10 billion, 7 out of 10 companies were falling victim to a cyber-attack or breach. According to the 2017 Data Breach Investigations Report, more than 90% of cyber-attacks were traced back to human error suggesting that mistakes caused by humans both initiate and magnifies the risk of cyber-crime and the damage it poses to businesses. The best way for business directors, CEOs and managers to combat this threat is to create a risk-aware workplace culture, and that starts with cybersecurity awareness.
Staff training may be the most important factor in all of this, if most cybersecurity risks are caused by human error then more vigilance and understanding of the susceptibility being a business poses to potential hackers is what employees must be educated about. Employees cannot be expected to avoid, report or remove security threats if they cannot recognise them.
For example, the 2019 State of IT Security Survey found that email security and employee training were listed as the top problems faced by IT security professionals. Yet, more than 30% of employees surveyed by Wombat Security Technologies didn’t even know what phishing or malware was.
Hiring staff who are equiped in this knowledge already can also help prevent the occurrence of cyber-attacks. Since human error is the main cause of cyber breaches in the workplace, hiring those who are sagacious to the possible threats is beneficial to your company but can also improve fellow employee behaviour. According to Infosec Institute, 50% of internet users receive at least one phishing email daily, however 97% of people cannot identify a phishing email and 4% of people click the email.
To summarise, a lot of the time cybersecurity is usually prioritised when it comes to personal usage, but we should also prioritise it in work settings. Hackers are learning more each day how to break boundaries and develop more ways of compromising data which is why we must keep ourselves vigilant and alert to the topic.